CN1643961B - Method of updating an authentication algorithm in a computer system - Google Patents
Method of updating an authentication algorithm in a computer system Download PDFInfo
- Publication number
- CN1643961B CN1643961B CN038058251A CN03805825A CN1643961B CN 1643961 B CN1643961 B CN 1643961B CN 038058251 A CN038058251 A CN 038058251A CN 03805825 A CN03805825 A CN 03805825A CN 1643961 B CN1643961 B CN 1643961B
- Authority
- CN
- China
- Prior art keywords
- card
- authentication arithmetic
- algorithm
- account
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 238000004422 calculation algorithm Methods 0.000 title claims abstract description 62
- 238000000034 method Methods 0.000 title claims abstract description 20
- 230000004913 activation Effects 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000001360 synchronised effect Effects 0.000 claims description 3
- 238000012545 processing Methods 0.000 abstract description 11
- 241001393742 Simian endogenous retrovirus Species 0.000 abstract description 3
- 238000004891 communication Methods 0.000 description 4
- 238000013508 migration Methods 0.000 description 3
- 230000005012 migration Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- HCBIBCJNVBAKAB-UHFFFAOYSA-N Procaine hydrochloride Chemical compound Cl.CCN(CC)CCOC(=O)C1=CC=C(N)C=C1 HCBIBCJNVBAKAB-UHFFFAOYSA-N 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000011002 quantification Methods 0.000 description 1
- 239000004248 saffron Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/40—Security arrangements using identity modules
- H04W12/45—Security arrangements using identity modules using multiple identity modules
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
- Telephone Function (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to a method of updating an authentication algorithm in at least one data processing device (CARD, SERV) which can store a subscriber identity (IMSI 1 ) which is associated with an authentication algorithm (Algo 1 ) in a memory element of said device (CARD, SERV). The inventive method comprises the following steps, namely: a step whereby a second inactive (Algo 2 ) authentication algorithm is pre-stored in a memory element of the device and a step for switching from the first algorithm (Algo 1 ) to the second algorithm (Algo 2 ) which can inhibit the first algorithm (Algo1 ) and activate the second (Algo 2 ).
Description
Technical field
The present invention relates to the method for the authentication arithmetic in a kind of update calculation machine system.
The present invention can be applicable to store any data processing equipment of authentication arithmetic.The present invention can be applicable to smart card especially.
Smart card can combine with any system, embeds or does not embed.
Can in such as GSM (global system for mobile communications), UMTS (universal mobile telecommunications service), GPRS various types of communication networks such as (GPRSs), realize the present invention.
Selection is used for illustrating that example of the present invention will be the example of the mobile phone that combines with SIM (subscriber identity module) smart card.
Background technology
In order to manage the user who in GSM (global system for mobile communications) network, roams, must clearly identify this user.
Owing to used wireless channel, communication is vulnerable to eavesdropping and illegal the use.Therefore, gsm system:
-before allowing access service, each user of authentication (or user),
-use temporary mark,
-coded communication.
Gsm system uses and user-dependent 4 types of sign indicating numbers at present:
-IMSI (IMSI International Mobile Subscriber Identity) sign indicating number.This sign is written in the SIM card.
-TMSI (Temporary Mobile Subscriber Identity) sign indicating number is a temporary mark of being given mobile phone by network allocation, uses it for the transaction on the wireless channel then;
-MSISDN sign indicating number is and the travelling carriage International ISDN of ITU (International Telecommunications Union) numbering planning E164 compatibility number, and it is that the user is known;
-MSRN (travelling carriage roaming number) sign indicating number is to route the call to the routine call number of MSC at the present place of roamer and the interim number that distributes by use.
During subscribing to, key K i is distributed to user with IMSI sign indicating number.IMSI/Ki is stored in this in user's the SIM card and outside the card, particularly in the AuC of AUC.Should be to being closely related with one or more authentication arithmetics.
Attention: the AuC of AUC is used for the user of authentication GSM network.For information, note: authentication makes network to check whether the user is authorized to use this network by checking the existence of secret key in the SIM card.
Can also be with another to being stored in second database that is called as HLR (attaching position register).This database storage and each user-dependent this to MSISDN/IMSI, it comprises user's MSISDN and constant IMSI.
In updating stored in card and with this cartoon letters, when storage is exclusively used in algorithm in any data processing equipment (AuC of AUC, attaching position register HLR, Visited Location Registor VLR database etc.) of user's data, problem has occurred.Wherein, upgrade except that relating to other, also relate to modification and be used for authentication each IMSI/Ki outside card and the card in AuC, VLR, HLR etc. the algorithm right with MSISDN/IMSI.
Solution of too simplifying comprises and downloads to new algorithm in the card and outside the card in AuC, VLR, HLR etc.With regard to fail safe, this solution has been brought problem, but can not consider to send on network this algorithm, particularly because these algorithm right and wrong are proprietary.
Summary of the invention
The objective of the invention is the security update authentication arithmetic.
In order to realize this purpose, the present invention relates to a kind of method that is used for upgrading the authentication arithmetic of at least one data treatment facility, this data processing equipment can be stored the user ID relevant with authentication arithmetic in the memory component of described equipment, this method feature is that it comprises the following steps:
-preliminary step is stored in the second un-activation authentication arithmetic in the memory component of this equipment by this;
-being used for first algorithm is switched to the step of second algorithm (Algo2), it can be forbidden first algorithm and activate second algorithm.
Therefore, we can understand: authentication arithmetic is stored in the card in advance.At reproducting periods, this has been avoided the transmission authentication arithmetic to upgrade to carry out.
By the description that provides as example below reading with reference to accompanying drawing, will be more readily understood the present invention.
Description of drawings
Fig. 1 is the view that can use computer system of the present invention, the figure shows the state of computer system before switching number of the account; With
Fig. 2 represents the figure identical with Fig. 1, and on this figure, the state of system is the state that is obtained after switching account number.
Embodiment
In order to simplify description, identical parts are relevant with identical Reference numeral.
For the present invention is described, Fig. 1 shows the architecture that comprises such as the embedded system of the mobile phone (not shown) that combines with card CARD.In our realization example, used SIM card.
In our illustrated example, embedded system via communication network RES with communicate by letter such as the data processing equipment of server S ERV.
In our example, operator OP management is distributed in the various cards on the network.Particularly, the operator manages various users' number of the account.Usually, during card was individualized, the operator distributed a pair of data item, that is, and and key K i relevant and IMSI sign indicating number with at least one authentication arithmetic, and it is loaded in the card.Thereby, blocked for each user storage a pair of IMSI/Ki.Also should be to being stored among the AuC of AUC.
In order to simplify, determine unique authentication arithmetic is relevant with each number of the account to explanation of the present invention.This example is not restrictive, but can several authentication arithmetics are relevant with same user account number.
In our illustrated example, another is stored in HLR (attaching position register) database MSISDN/IMSI.
AuC and HLR or on same server, perhaps on two different servers.In our example and according to Fig. 1, decision is stored in it on same server S ERV.
As known above us, the renewal authentication arithmetic also is not easy.
In our realization example, update algorithm needs according to the present invention can be stored the smart card of at least two number of the account C1 and C2.This card has been stored the first user account number C1 relevant with at least one first authentication arithmetic Algo1 (A3A8).This first number of the account comprises that this IMSI1/Ki1 is right.In our illustrated example, this card has also been stored the second number of the account C2 relevant with at least one second authentication arithmetic Algo2 (A3A8), and this second number of the account C2 is relevant with same user A1.Second number of the account comprises that IMSI2/Ki2 is right.The invention is not restricted to Authentication Algorithm A3 A8 well known by persons skilled in the art, but can apply the present invention to the authentication arithmetic of any kind.
In the remainder of describing, each number of the account C1 and C2 are identified by its sign indicating number IMSI1 and IMSI2 separately.
In our realization example, number of the account IMSI1 and IMSI2 are managed by same operator OP.According to another pattern that realizes, the number of the account on the card can be managed by different operating person.
Similarly, in our example, the AuC of AUC stored the number of the account IMSI1 relevant with the first algorithm Algo1 (A3A8) and with the relevant number of the account IMSI2 of the second algorithm Algo2 (A3A8).
Similarly, in our example, HLR database has been stored the MSISDN/IMSI1 relevant with first number of the account to right with the MSISDN/IMSI2 relevant with second number of the account.
This update method is included in the smart card, and if necessary, in server S ERV, the first number of the account IMSI1 is switched to the second number of the account IMSI2.In realization example, equipped for server S ERV and can be 2 number of the account/users' of each user storage functional part.
Do like this, before switching, number of the account IMSI1 activates, and number of the account IMSI2 is unactivated.Fig. 1 is the figure of system before switching number of the account.Fig. 2 is the view of system after switching.
In our realization example, the number of the account switch step is as follows:
Step 1:
Operator's fill order is to switch number of the account.Advantageously, this is OTA (aerial download, the over the air) order that sign can be set on card, and the result of activation will switch to another account from an account.
Sign can comprise simply bit is set.For example, the bit that is in state 0 is represented number of the account IMSI1 un-activation, and number of the account IMSI2 is activated.On the contrary, the bit that is in state 1 represents that number of the account IMSI1 is activated, and number of the account IMSI2 un-activation.
Step 2:
Card CARD receives order, and number of the account is switched to number of the account IMSI2 from number of the account IMSI1.At this moment, in card, the first number of the account IMSI1 switches to unactivated state from state of activation, and the second number of the account IMSI2 switches to state of activation from unactivated state.
Step 3:
In our example, for the variation of the variation of the number of the account state stored in card synchronously and the number of the account account number of storing in server S ERV, the phone with this card sends the authentication order to server, so that it switches number of the account.This authentication order comprises new sign indicating number IMSI2.In server, activating number of the account is number of the account IMSI1.When server received this authentication order, program can be discerned this new sign indicating number IMSI2.Then, for the renewal that makes the synchronizing authentication algorithm and card CARD synchronous, server S ERV handoff algorithms.
In server, all relevant with the first algorithm Algo1 (A3A8) become un-activation to (MSISDN/IMSI1 and IMSI1/Ki1), and all relevant with new algorithm Algo2 (A3A8) become activation to (MSISDN/IMSI2 and IMSI2/Ki2).With identical on card, can carry out switching by sign is set.
Step 4:
In this stage of this method, in card CARD and in server S ERV, 2 number of the account IMSI1 and IMSI2 switch.Now, the authentication arithmetic that is used for the authentication among card CARD and the server S ERV is new algorithm Algo2 (A3A8).
Above-mentioned steps is corresponding to specific, the nonrestrictive example that realize.Differently performing step 3:
-for example, must not create two number of the account IMSI1 and IMSI2.Card can be stored single number of the account and 2 authentication arithmetic Algo1 and Algo2.The operator can directly send a command to card and server simultaneously, to switch to the second algorithm Algo2 from the first algorithm Algo1 in card He on the server; Advantageously, can be each algorithm Algo1 and the different key K i of Algo2 design.
-or the operator can only send to server with order.On card, activate number of the account and be still IMSI1.When the phone with this card attempt by server S ERV authentication himself the time, server receives the sign indicating number IMSI1 relevant with the first algorithm Algo1, and has understood that at present the number of the account of use is not IMSI2 on blocking.Therefore, the server fill order is with the number of the account on the switch card.In case carried out switching, the message that the telephone configuration one-tenth transmission indication switching with this card can have been taken place is to server.In case receive this message, the number of the account on the server switched to IMSI2 from number of the account IMSI1.After the number of the account on switching server SERV, server ask subsequently card use the new algorithm Algo2 authentication relevant with new account IMSI2 himself.
-or carrying out the operator of switching can download to program in the card, and also may download in the server, and this program can for example, giving the unlatching of fixing the date, its objective is and will switch to another number of the account from a number of the account after a time delay.
-or the operator can also entrust to handover operation one or more intelligent agents that can switch number of the account.For example, one group of card can be distributed to each agency.In this example, the operator sends order and acts on behalf of to all or some, so that they send the order COM with characteristic same as described above for card.
-can differently carry out the number of the account on the switching server.Card use the new yard IMSI2 relevant with new algorithm Algo2 pass through the server authentication himself.But the algorithm Algo2 that uses on card is different from the algorithm that activates on server S ERV.Therefore, failed authentication.This failure can trigger the switching of algorithm on the server.
In step 3, can not carry out switching immediately.When being provided with sign, the actual switching from a number of the account to another number of the account can be configured to by using for example one of following modes, only in the incident that occurs such as card replacement (closing/open), or takes place when carrying out REFRESH (refreshing) order:
-reset,
-whole file change notice
-or if card comprises file EF (IMSI), then file change is notified, this EF comprises new sign indicating number IMSI.
For the further details of relevant these patterns, referring to ETSI standard TS 11.14 well known by persons skilled in the art, TS 31.111 and TS 102223.
Attention: upgrade authentication arithmetic and revised IMSI/Ki to right with MSISDN/IMSI.Revise and can always not relate to revise a pair of two halves.Modification can only relate to half.For example, revise algorithm and can only relate to the right IMSI one side of something of IMSI/Ki.
Usually, the present invention relates to the method that comprises the following steps:
-initial step is stored in the second un-activation authentication arithmetic (Algo2) in the memory component of this equipment by this;
-being used for switching to the step of second algorithm (Algo2) from first algorithm (Algo1), it can be forbidden first algorithm (Algo1) and activate second algorithm (Algo2).
Advantageously, the entity of described device external (OP) is initiatively carried out switch step.In our realization example, this entity is operator OP.In our example, the operator controls handover operation.
In our example, the operator who sends switching command is the operator of the activation number of the account on the control card.But, between the operator, can relate to customized configuration, to allow the number of the account on the switch card each other; About this point, the operator who sends switching command can be the operator that card is gone up the un-activation number of the account.More generally, preferably start switch step by any individual/entity that is authorized to do like this.
Best, for example during card is individualized, at the local execution algorithm storing step of safety.
Can differently realize switch mode.For example, we understand: the operator who is responsible for switching can download to program in the equipment, and this program is opened after time delay.Therefore, switching can take place on card and on the related any equipment of the renewal of authentication arithmetic simultaneously.
We understand: have on the various sync cards and server on the method for updating of authentication arithmetic.Advantageously, the storage second number of the account C2 relevant with algorithm Algo2, that comprise the sign indicating number IMSI2 that is different from yard IMSI1.After the number of the account switch step on the equipment of being discussed, equipment sends sign indicating number IMSI2 need switch its algorithm to all or some data processing equipment.The purpose of this yard IMSI2 needs to switch the data processing equipment of its algorithm particularly in notice: switch and taken place.The renewal of algorithm in the computer system that this is synchronous.In case receive the sign indicating number (IMSI2) relevant with second algorithm (Algo2), described receiving equipment switches to second algorithm (Algo2) with algorithm from first algorithm (Algo1).
Can differently carry out synchronously.We have understood in our example: after switching, described equipment can directly send a command to another data processing equipment that needs to switch its number of the account.
Advantageously, after switching, reuse the relevant memory of data space of number of the account of storing with after the deexcitation.For example, after switching, from memory, wipe and relevant data of number of the account after the deexcitation.Thereby this is wiped and has discharged storage space.
Above we have understood: during first step, two the number of the account IMSI1 and the IMSI2 that create in card belong to same user A1.Attention: a user can comprise the one group of user who uses same number of the account.
We have understood in our realization example: switching comprises the at first deexcitation first number of the account IMSI1 and secondly activates the second number of the account IMSI2.
The result is a data processing equipment, and smart card particularly is characterised in that it comprises:
-storage device is used to store second authentication arithmetic (Algo2),
-being characterised in that to comprise: microcontroller, it is programmed to initiatively carry out the step that switches to second algorithm (Algo2) from first algorithm (Algo1) by operator (OP).
The invention still further relates to the computer program of data processing equipment, it comprises code command, to carry out previously defined switch step.
At last, the invention still further relates to the computer program of data processing equipment, it comprises code command, with after first algorithm switches to the step of second algorithm, uses the sign indicating number (IMSI2) that receives from transmitting apparatus to identify the algorithm that is used by described transmitting apparatus.
We understand and the invention provides many advantages:
Quite a large amount of time has been saved in such realization.In fact card is sold with two algorithms.First algorithm of current use and second algorithm that uses in the future.When operator's decision carries out migration.Simple command is enough to carry out the switching on the smart card of quantification.Therefore, if necessary, the operator can carry out independent migration, i.e. card of a clamping.
We have also understood: take place in case switch, and new algorithm Algo2 activates, then relevant with old algorithm Algo1 number of the account can be wiped free of, thus the release storage space.For the limit hardware constraints of memory size, the release of this storage space in smart card, is important advantage especially.
The present invention has avoided replace the needs of all cards that using at present with the neocaine of the authentication arithmetic of storing redaction.
The present invention has avoided the user that must be stored in the new AuC of AUC being distributed the needs of new phone number for each its IMSI/Ki; This user keeps same card and same telephone number in all cases then.
The present invention provides appreciable expense to save to the operator.We understand: because the present invention has used single AUC to upgrade authentication arithmetic, so it is favourable to the operator.The operator needn't buy new equipment to carry out migration.Again, reduced the financial expense that the type realizes considerablely.
Claims (7)
1. method that is used for switching in the authentication arithmetic of the activation that card and server use, described method comprises the storing step that is used in the memory component storage of described card and server first user ID relevant with first authentication arithmetic, and this method feature is that it comprises the following steps:
Initial step is used for unactivated second authentication arithmetic is stored in the memory component of card and server, and described second authentication arithmetic is relevant with second user ID that is different from described first user ID;
Be used for switching to from first authentication arithmetic step of second authentication arithmetic, it can be forbidden first authentication arithmetic and activate second authentication arithmetic.
2. the method for claim 1 is characterized in that, the entity of described device external initiatively begins this switch step.
3. method as claimed in claim 1 or 2 is characterized in that, in order to carry out handover operation, the long-range transmission of entity of described card outside is ordered to described card, so that switch to this second authentication arithmetic from this first authentication arithmetic.
4. method as claimed in claim 1 or 2, it is characterized in that in order to carry out handover operation, the entity of described card outside downloads to program in this card, this program can be opened after a time delay, and its objective is and will switch to this second authentication arithmetic from this first authentication arithmetic.
5. the method for claim 1, it is characterized in that, during storing step, storage is different from first user ID and second user ID relevant with second authentication arithmetic, and after being used to switch the step of the number of the account on the described card, described card sends second user ID need switch the server of its algorithm to all or some, so that notify these servers: switched algorithm, so that synchronized algorithm upgrades.
6. method as claimed in claim 5 is characterized in that, in case receive second user ID relevant with second authentication arithmetic, described server switches to second authentication arithmetic with algorithm from first authentication arithmetic.
7. the method for claim 1 is characterized in that, after switching, reuses the relevant memory of data space of number of the account of storing with after the deexcitation.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP02075996 | 2002-03-11 | ||
| EP02075996.5 | 2002-03-11 | ||
| FR0207168A FR2837009A1 (en) | 2002-03-11 | 2002-06-07 | Updating of an authentication algorithm in an information system, uses storage of replacement algorithm before first authentication algorithm is inhibited and replacement algorithm activated |
| FR02/07168 | 2002-06-07 | ||
| PCT/IB2003/000868 WO2003077586A1 (en) | 2002-03-11 | 2003-03-11 | Method of updating an authentication algorithm in a computer system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1643961A CN1643961A (en) | 2005-07-20 |
| CN1643961B true CN1643961B (en) | 2010-11-17 |
Family
ID=27763413
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN038058251A Expired - Lifetime CN1643961B (en) | 2002-03-11 | 2003-03-11 | Method of updating an authentication algorithm in a computer system |
Country Status (9)
| Country | Link |
|---|---|
| US (1) | US8031871B2 (en) |
| EP (1) | EP1483930B1 (en) |
| JP (1) | JP4328210B2 (en) |
| CN (1) | CN1643961B (en) |
| AT (1) | ATE526799T1 (en) |
| AU (1) | AU2003208511A1 (en) |
| ES (1) | ES2377554T3 (en) |
| FR (1) | FR2837009A1 (en) |
| WO (1) | WO2003077586A1 (en) |
Families Citing this family (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4258551B2 (en) | 2007-01-25 | 2009-04-30 | 日本電気株式会社 | Authentication system, authentication method, and authentication program |
| US8140064B2 (en) * | 2008-01-27 | 2012-03-20 | Sandisk Il Ltd. | Methods and apparatus to use an identity module in telecommunication services |
| US8457621B2 (en) * | 2008-01-27 | 2013-06-04 | Sandisk Il Ltd. | Generic identity module for telecommunication services |
| US9646450B2 (en) * | 2008-03-08 | 2017-05-09 | Stefan Melik-Aslanian | Emergency fund and replacement of credit/debit cards—lost, stolen, defective or fraudulently used |
| JP5272637B2 (en) * | 2008-10-14 | 2013-08-28 | ソニー株式会社 | Information processing apparatus, encryption switching method, and program |
| FR2947410A1 (en) * | 2009-06-30 | 2010-12-31 | France Telecom | METHOD FOR CHANGING AN AUTHENTICATION KEY |
| US8676181B2 (en) * | 2009-12-27 | 2014-03-18 | At&T Intellectual Property I, L.P. | Mobile phone number anonymizer |
| CN101895883B (en) * | 2010-06-04 | 2013-01-30 | 中国联合网络通信集团有限公司 | Smart card supporting authentication arithmetic update and method for updating authentication arithmetic |
| JP5740867B2 (en) * | 2010-08-18 | 2015-07-01 | ソニー株式会社 | Communication apparatus, information processing system, and encryption switching method |
| US8779890B2 (en) * | 2011-01-14 | 2014-07-15 | Intel Mobile Communication Technology GmbH | Radio devices, regulation servers, and verification servers |
| US20120182120A1 (en) * | 2011-01-14 | 2012-07-19 | Infineon Technologies Ag | Radio Devices, Regulation Servers, and Verification Servers |
| US9253630B2 (en) | 2011-06-02 | 2016-02-02 | Truphone Limited | Identity management for mobile devices |
| US9603006B2 (en) | 2011-09-19 | 2017-03-21 | Truphone Limited | Managing mobile device identities |
| DE102012213329A1 (en) * | 2012-07-30 | 2014-05-22 | Bayerische Motoren Werke Aktiengesellschaft | Communication device for use in system for executing data exchange between transmitter- or receiver station and vehicle, has receptacle unit for receiving chip card, on which two access data from two service providers are stored |
| EP2709387A1 (en) | 2012-09-18 | 2014-03-19 | Giesecke & Devrient GmbH | A method for changing network usage in a mobile telecommunication system |
| JP6048210B2 (en) * | 2013-02-26 | 2016-12-21 | 沖電気工業株式会社 | Information processing apparatus and program |
| EP2835995A1 (en) * | 2013-08-09 | 2015-02-11 | Giesecke & Devrient GmbH | Methods and devices for performing a mobile network switch |
| US10785645B2 (en) * | 2015-02-23 | 2020-09-22 | Apple Inc. | Techniques for dynamically supporting different authentication algorithms |
| EP3110189A1 (en) * | 2015-06-25 | 2016-12-28 | Gemalto Sa | A method of replacing at least one authentication parameter for authenticating a security element and corresponding security element |
| FR3042675B1 (en) | 2015-10-15 | 2017-12-08 | Oberthur Technologies | ELECTRONIC DEVICE COMPRISING A SECURE MODULE SUPPORTING A LOCAL MANAGEMENT MODE FOR CONFIGURING A SUBSCRIBING PROFILE |
| DE102015015734B3 (en) * | 2015-12-01 | 2017-06-01 | Giesecke & Devrient Gmbh | Subscriber identity module with multiple profiles and set up for an Authenticate command |
| JP7112799B2 (en) * | 2018-08-31 | 2022-08-04 | ベーステクノロジー株式会社 | Authentication system, its method, and its program |
| EP3621333A1 (en) * | 2018-09-05 | 2020-03-11 | Thales Dis France SA | Method for updating a secret data in a credential container |
| JP2022137255A (en) * | 2022-04-07 | 2022-09-21 | ベーステクノロジー株式会社 | Access control system and method for the same, and program for the same |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6212372B1 (en) * | 1991-04-12 | 2001-04-03 | Comvik Gsm Ab | Method in mobile telephone systems in which a subscriber identity module (SIM) is allocated at least two identities which are selectively activated by the user |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SE468068C (en) * | 1991-09-30 | 1994-04-11 | Comvik Gsm Ab | Procedure for personalization of an active card, for use in a mobile telephone system |
| JPH09509543A (en) * | 1994-02-24 | 1997-09-22 | ジーティーイー モービル コミュニケーションズ サービス コーポレイション | Cellular radiotelephone system with remote programmable mobile station |
| US5615267A (en) * | 1995-07-17 | 1997-03-25 | Bell Communications Research, Inc. | Method for adaptively switching between PCS authentication schemes |
| GB2340344A (en) * | 1998-07-29 | 2000-02-16 | Nokia Mobile Phones Ltd | Bilateral Data Transfer Verification for Programming a Cellular Phone |
| US6980660B1 (en) * | 1999-05-21 | 2005-12-27 | International Business Machines Corporation | Method and apparatus for efficiently initializing mobile wireless devices |
| FI19991918A (en) * | 1999-09-09 | 2001-03-09 | Nokia Mobile Phones Ltd | A method and arrangement for controlling a subscription in a mobile communication system |
| US6907123B1 (en) * | 2000-12-21 | 2005-06-14 | Cisco Technology, Inc. | Secure voice communication system |
| US6603968B2 (en) * | 2001-06-22 | 2003-08-05 | Level Z, L.L.C. | Roaming in wireless networks with dynamic modification of subscriber identification |
| EP1407629B1 (en) * | 2001-07-18 | 2007-04-04 | Togewa Holding AG | Method for telecommunication, identification module and computerised service unit |
-
2002
- 2002-06-07 FR FR0207168A patent/FR2837009A1/en not_active Withdrawn
-
2003
- 2003-03-11 AT AT03706803T patent/ATE526799T1/en not_active IP Right Cessation
- 2003-03-11 CN CN038058251A patent/CN1643961B/en not_active Expired - Lifetime
- 2003-03-11 EP EP03706803A patent/EP1483930B1/en not_active Expired - Lifetime
- 2003-03-11 WO PCT/IB2003/000868 patent/WO2003077586A1/en active Application Filing
- 2003-03-11 US US10/507,291 patent/US8031871B2/en active Active
- 2003-03-11 ES ES03706803T patent/ES2377554T3/en not_active Expired - Lifetime
- 2003-03-11 AU AU2003208511A patent/AU2003208511A1/en not_active Abandoned
- 2003-03-11 JP JP2003575657A patent/JP4328210B2/en not_active Expired - Lifetime
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6212372B1 (en) * | 1991-04-12 | 2001-04-03 | Comvik Gsm Ab | Method in mobile telephone systems in which a subscriber identity module (SIM) is allocated at least two identities which are selectively activated by the user |
Also Published As
| Publication number | Publication date |
|---|---|
| ATE526799T1 (en) | 2011-10-15 |
| FR2837009A1 (en) | 2003-09-12 |
| ES2377554T3 (en) | 2012-03-28 |
| US20050182802A1 (en) | 2005-08-18 |
| JP2005520423A (en) | 2005-07-07 |
| EP1483930A1 (en) | 2004-12-08 |
| JP4328210B2 (en) | 2009-09-09 |
| EP1483930B1 (en) | 2011-09-28 |
| WO2003077586A1 (en) | 2003-09-18 |
| US8031871B2 (en) | 2011-10-04 |
| AU2003208511A1 (en) | 2003-09-22 |
| CN1643961A (en) | 2005-07-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1643961B (en) | Method of updating an authentication algorithm in a computer system | |
| EP1441553B1 (en) | Method and system of remotely controlling a portable terminal by inserting a storage medium | |
| CN106899540B (en) | Update method, management system, eUICC and the terminal of user contracting data | |
| US5864757A (en) | Methods and apparatus for locking communications devices | |
| CN1989780B (en) | Method of securely unlocking a mobile terminal | |
| US6934391B1 (en) | Method and apparatus for control of a subscriber identity module in a data communication system | |
| US6504932B1 (en) | Method of transferring information between a subscriber identification module and a radiocommunication mobile terminal, and a corresponding subscriber identification module and mobile terminal | |
| EP1413162B1 (en) | System, method and smart card for accessing a plurality of networks | |
| US20040043788A1 (en) | Management of parameters in a removable user identity module | |
| EP2521034B1 (en) | Managing method, device and terminal for application program | |
| JP2010154539A (en) | Cellular radio telephone system with remotely programmed mobile station | |
| CN101155368A (en) | Terminal ability information updating system and method | |
| CZ328495A3 (en) | Telecommunication system | |
| CN101511051A (en) | Method, system and equipment for downloading application business of telecom smart card | |
| JP3787205B2 (en) | Method for updating data between user cards in a cellular radio communication system and corresponding terminal | |
| CN101635071B (en) | electronic wallet installation/update method, system and device | |
| CN104737566A (en) | Method for incorporating subscriber identity data into a subscriber identity module | |
| CN102067674A (en) | Controlling access to a communication network using a local device database and a shared device database | |
| CN101917703B (en) | Communication intelligent card and card writing method thereof over the air | |
| WO2010015883A1 (en) | A sim card personalization system | |
| NZ270976A (en) | Defective identification module: detection at terminal and control station warned | |
| KR20130141371A (en) | Methods for backup and restoration of profile in euicc environment and devices therefor | |
| WO2011040744A2 (en) | Mobile application reissuing method and system | |
| EP1413160B1 (en) | System, method and smart card for accessing a plurality of networks | |
| EP1367487A1 (en) | Remote application correction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: SETEC OY Free format text: FORMER NAME: AXALTO SA |
|
| CP03 | Change of name, title or address |
Address after: East France Patentee after: GEMALTO OY Address before: Monte Carlo, France Patentee before: AXALTO S.A. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: French Meudon Patentee after: Thales Digital Security France Address before: East France Patentee before: GEMALTO OY |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230308 Address after: French Meudon Patentee after: Thales Digital Security France Easy Stock Co. Address before: French Meudon Patentee before: Thales Digital Security France |
|
| CX01 | Expiry of patent term | ||
| CX01 | Expiry of patent term |
Granted publication date: 20101117 |